time to fix silly ssh bug

Bryn M. Reeves bmr at redhat.com
Tue Jun 19 15:24:44 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/19/2012 02:47 PM, Neal Becker wrote:
> Bryn M. Reeves wrote: On 06/19/2012 02:01 PM, Neal Becker wrote:
>>>> This is ridiculous.  I liked the idea of 775 when it was 
>>>> introduced, since it did solve an annoyance with the old
>>>> unix groups.  But then we should make the default fedora
>>>> install work by setting the sshd config to allow it to accept
>>>> this setup.
> 
> I think it would be better to ensure the directory is created with
> the correct permissions.
> 
> The administrator already has control of the StrictModes setting
> if they want to relax this restriction.
> 
> The issue is the admin is likely some poor newb installing fedora
> on his home computer.  I argue the reverse - the knowledgeable unix
> hack can change it to make it stricter.
> 

Then that's a policy change that should be proposed and reviewed. It's
not a bug and there is nothing to fix.

The current behaviour is long standing not only in Fedora but in the
upstream project that we are packaging.

If you'd like to change that policy I'd submit an RFE to the Fedora
openssh maintainers but I wouldn't be too surprised if it was rejected.

Imho the issue you describe is better dealt with through documentation
for newbie admins than by changing a default that would be hazardous
for some common configurations.

Regards,
Bryn.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk/gmbwACgkQ6YSQoMYUY97fcwCgwyNUXnkcfYVHnt9v+l/H9sQA
O0YAnj6uxrJb0bBqrSzgkHyzz7+CYRYA
=hSci
-----END PGP SIGNATURE-----
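
Added example, not part of the original message and not OpenSSH's own code: a simplified model of the ownership and mode checks that StrictModes applies, run against a constructed home directory created first with mode 775 and then with 755. The function names, the placeholder key line and the exact rule set (owner is the user or root, no group or world write bit on the key file or any directory up to the home directory) are assumptions made for illustration.

```python
import os
import stat
import tempfile


def strictmodes_findings(home, uid, key_rel=".ssh/authorized_keys"):
    """List (path, reason) pairs a StrictModes-style check would object to.

    Simplified model (assumption): the key file and every directory from it
    up to the home directory must be owned by the user or root and must not
    be group- or world-writable.
    """
    home = os.path.realpath(home)
    path = os.path.realpath(os.path.join(home, key_rel))
    if os.path.commonpath([home, path]) != home:
        return [(path, "resolves outside the home directory")]
    findings = []
    while True:
        try:
            st = os.stat(path)
        except FileNotFoundError:
            findings.append((path, "missing"))
        else:
            if st.st_uid not in (0, uid):
                findings.append((path, "owned by uid %d" % st.st_uid))
            if st.st_mode & 0o022:
                mode = stat.S_IMODE(st.st_mode)
                findings.append((path, "group/world writable (mode %04o)" % mode))
        if path == home:
            return findings
        path = os.path.dirname(path)


def demo(home_mode):
    """Build a constructed home directory with the given mode and check it."""
    home = os.path.realpath(tempfile.mkdtemp(prefix="home-"))
    ssh_dir = os.path.join(home, ".ssh")
    os.mkdir(ssh_dir)
    os.chmod(ssh_dir, 0o700)
    keys = os.path.join(ssh_dir, "authorized_keys")
    with open(keys, "w") as fh:
        fh.write("ssh-ed25519 AAAA-constructed-placeholder user@example\n")
    os.chmod(keys, 0o600)
    os.chmod(home, home_mode)
    return home, strictmodes_findings(home, os.getuid())


if __name__ == "__main__":
    for mode in (0o775, 0o755):
        print("%04o" % mode, demo(mode)[1])
```

Run against real accounts, the same function can be used to find users whose key logins StrictModes would refuse before they report it.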

